2. • Snort is an Intrusion Detection System (IDS) and Intrusion Prevention System (IPS).
• Snort can be used to block malware and other intrusions on your computer.
• Snort, although initially programmed for Linux and other Command Line Interface (CLI) systems, can be configured to run on Windows.
• Before configuring Snort to run on Windows, your system is required to have WinPcap and Barnyard installed.
3. • Before you can install Snort, your system is required to have WinPcap 4.1.1 or newer.
• Open up your web browser and go to your preferred search engine.
• Once there, search for WinPcap and download the latest version.
• In this case the latest version is 4.1.3.
• After the download, run the installer and go through the program setup like you normally would.
4. • Other than WinPcap, the only other system requirement for installing Snort is Barnyard.
• So, again, open up your browser and go to your preferred search engine.
• Once there, search for a Barnyard download for Windows. This may be a little difficult to find, so make sure you include which OS you are using in the search.
• Once you find it, download it and run the installer.
• Once the installer is running, go through the program setup like you normally would.
5. • First we need to find the program that we need to install.
• So we open our web browser and go to any search engine.
• Search for Snort and open the result link to the program website.
• Once on the site, go to the download section of the site.
6. • There are multiple sections with download links.
• The one we are going to download from is the Binaries section.
• Under the Binaries list there are multiple download links.
• We are looking for the installer with the right file type to run on our OS.
• We are using Windows, so we are going to use the executable (.exe) file.
• Download the file and run through the setup process.
• If you are using Internet Explorer, you may have to save the file and rename it as an .exe file.
7. • Now to download your Snort rules and get the program configuration started.
• On the Snort site, click the "get rules" button and it will take you to the rules download page.
• Here you are going to download the rules file that either matches or is closest to the version of Snort that you have downloaded.
• Once downloaded, extract the files to your Snort folder.
8. • Now we need to consult the documentation to configure Snort, which you can find on the Snort site, or, if you prefer, on just about any search engine.
• Once you open your Snort documentation, read through and follow the instructions in order to configure your Snort program.
9. • The documentation is telling you to open the .conf file and edit certain lines in it.
• To do this, find the file in the etc folder inside your Snort folder.
• Right-click the file and open it with WordPad.
• In the .conf file you are going to search for the lines that you are instructed to change.
• Once you find them, make the necessary changes.
• Be sure to double-check your changes before you save and close the file.
10. • In Fig. 1 you are being asked to run commands in your Command Prompt, so open up your Command Prompt by opening your Start menu and searching "cmd".
• Run the first command that it asks you to, and your screen should look like Fig. 2; from this you are going to find your interface number.
• Fig. 1 then asks you to run a second command in which "X" is to be replaced with your interface number. If done correctly, you should get a long stream of data like in Fig. 3.
Fig. 1
Fig. 2
Fig. 3
11. • You are now asked to open a new Command Prompt window and run the command "ping google.com".
• If it is done correctly, you should end up with two Command Prompt windows that look like the two above.
12. • The documentation now instructs you to close the previous two Command Prompt windows and open a new one.
• Run the new command in your new Command Prompt window, and if no errors occur your window should look like the second figure.
• If an error does occur, you will then need to open your .conf file in WordPad again and make corrections to the appropriate lines, until running the command gives you a screen similar to the one displayed in the second figure.
• You can identify the necessary line by looking for the number within the <> in the error message.
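As an added helper for the last step (not part of the original slides or of Snort itself), the script below pulls the line number out of the angle brackets in a Snort startup error and prints that line of the .conf file with its neighbours, so you can see what to correct. Both the .conf excerpt and the error text are constructed samples; the exact wording of real Snort errors may differ, and only the <N> reference is assumed.

```python
import re

# Constructed snort.conf excerpt (not the file Snort ships). Line 4 deliberately
# keeps a Linux-style path so there is a line for the walkthrough to locate.
SAMPLE_CONF = """# --- constructed snort.conf excerpt ---
ipvar HOME_NET any
ipvar EXTERNAL_NET !$HOME_NET
var RULE_PATH /etc/snort/rules
include $RULE_PATH/local.rules
"""

# Constructed error text in the shape the slides describe: the offending
# config line number sits inside angle brackets.
SAMPLE_ERROR = "ERROR: snort.conf <4> => could not open rules directory"

LINE_REF = re.compile(r"<(\d+)>")


def error_line_number(error_text):
    """Return the config line number quoted inside <> in a Snort error, or None."""
    m = LINE_REF.search(error_text)
    return int(m.group(1)) if m else None


def context(conf_text, lineno, radius=1):
    """Return (number, text, is_target) tuples for the lines around lineno."""
    lines = conf_text.splitlines()
    lo = max(1, lineno - radius)
    hi = min(len(lines), lineno + radius)
    return [(n, lines[n - 1], n == lineno) for n in range(lo, hi + 1)]


def locate(conf_text, error_text, radius=1):
    """Error message in, annotated .conf excerpt out; empty list if unusable."""
    n = error_line_number(error_text)
    if n is None or n < 1 or n > len(conf_text.splitlines()):
        return []
    return context(conf_text, n, radius)


if __name__ == "__main__":
    # Realistic use: read c:\Snort\etc\snort.conf and paste the error text.
    for n, text, hit in locate(SAMPLE_CONF, SAMPLE_ERROR):
        print(f"{'>>' if hit else '  '} {n:4d}: {text}")
```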